I have developed a PKCS module. when I test it with your C# samples, I see a strange behavior for elpkcs11certstorage.tokenpresent.

When hardware token is available, everything works fine. But when hardware module is not available, my PKCS module doesn't set CKF_TOKEN_PRESENT flags in processing C_GetSlotInfo request. But elpkcs11certstorage.tokenpresent is true in C# application, then nothing works correctly. it seems that CKF_TOKEN_PRESENT flag is ineffective on value of elpkcs11certstorage.tokenpresent.

Would you mind telling me how elpkcs11certstorage.tokenpresent is set?

The TokenPresent property is set according to the result of the C_GetTokenInfo() method. It is likely that your module returns successful result from this method even though the token is not available in the slot.

Hi
As I know in PKCS#11, C_GetSlotInfo retrieves the slot information in second parameter:
CK_DEFINE_FUNCTION(CK_RV, C_GetSlotInfo)(
CK_SLOT_ID slotID,
CK_SLOT_INFO_PTR pInfo
);
CK_SLOT_INFO struct has a flag field which can set to CKF_TOKEN_PRESENT if a token is present in the slot.
typedef struct CK_SLOT_INFO {
CK_UTF8CHAR slotDescription[64];
CK_UTF8CHAR manufacturerID[32];
CK_FLAGS flags;
CK_VERSION hardwareVersion;
CK_VERSION firmwareVersion;
}CK_SLOT_INFO;
But GetTokenInfo retrieves information about a particular token in second parameter: CK_TOKEN_INFO_PTR; this struct has no any filed for report token presence.

CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(
CK_SLOT_ID slotID,
CK_TOKEN_INFO_PTR pInfo
);
Also, my GetTokenInfo returns CKR_DEVICE_REMOVED if there is no token in the slot.

Would you mind telling me witch idea is correct? Using C_GetTokenInfo or C_GetSlotInfo to set TokenPresent?

According to our experience, a number of firmware vendors do not get use of CKF_TOKEN_PRESENT flag in C_GetSlotInfo() function; this way, we cannot use it as a reliable source of information. Conversely, the C_GetTokenInfo()-based approach proved to work fine with absolutely most of the tokens and drivers. Our code considers the token to be present in the slot if it gets successful (CKR_OK) response from C_GetTokenInfo().

We use cookies to help provide you with the best possible online experience. By using this site, you agree that we may store and access cookies on your device. You can find out more about and set your own preferences here.